Federal Trade Commission
Background President Woodrow Wilson signed the original FTC Act into law on September 26, 1914. When the Federal Trade Commission was created, its purpose was to prevent unfair methods of competition in commerce as part of the battle to “bust the trusts.” Over the years, Congress passed additional laws giving the agency greater authority to police anticompetitive practices. In 1938, Congress passed the Wheeler-Lea Amendment, which amended the FTC Act “to prohibit ‘unfair or deceptive acts or practices’ in addition to ‘unfair methods of competition’ — thereby charging the FTC with protecting consumers directly, as well as through its antitrust efforts.”''See'' J. Howard Beales III, Director, Bureau of Consumer Protection, Fed. Trade Comm’n, "The FTC’s Use of Unfairness Authority: Its Rise, Fall, and Resurrection" (June 2003).http://www.ftc.gov/speeches/beales/unfair0603.shtm Since then, the Commission also has been directed to administer a wide variety of consumer protection laws, including the: * CAN-SPAM Act * Fair and Accurate Credit Transactions Act * Children’s Online Privacy Protection Act * Gramm-Leach-Bliley Act, and the * U.S. SAFE WEB Act. In 1975, Congress gave the FTC the authority to adopt industry-wide trade regulation rules. The Commission does not have criminal law enforcement authority. Further, under the FTC Act, certain entities, such as banks, savings and loan associations, and common carriers, as well as the business of insurance, are wholly or partially exempt from Commission jurisdiction.See Section 5(a)(2) and (6)a of the FTC Act, 15 U.S.C. §§45(a)(2) and 46(a). See also The McCarran-Ferguson Act, 15 U.S.C. §1012(b). FTC's Mission The FTC’s mission is to promote the efficient functioning of the marketplace by protecting consumers from unfair or deceptive acts or practices and to increase consumer choice by promoting vigorous competition. The Commission’s primary legislative mandate is to enforce Section 5 of the FTC Act, which prohibits unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce.See 15 U.S.C. §45(a). With the exception of certain industries and activities, the FTC Act provides the Commission with broad investigative and law enforcement authority over entities engaged in or whose business affects commerce. The FTC is the only federal agency with both consumer protection and competition jurisdiction in broad sectors of the economy. The agency enforces laws that prohibit business practices that are harmful to consumers because they are anticompetitive, deceptive, or unfair, and promotes informed consumer choice and understanding of the competitive process. The Commission also has responsibility under 45 additional statutes governing specific industries and practices. These include, for example, the Truth in Lending Act,Id. §§1601 et seq. which mandates disclosures of credit terms, and the Fair Credit Billing Act,Id. §§1666 et seq. which provides for the correction of billing errors on credit accounts. The Commission also enforces over 30 rules governing specific industries and practices, e.g., the Used Car Rule,16 C.F.R. Part 455. which requires used car dealers to disclose warranty terms via a window sticker; the Franchise Rule,16 C.F.R. Part 436. which requires the provision of information to prospective franchisees; the Telemarketing Sales Rule,16 C.F.R. Part 310. which defines and prohibits deceptive telemarketing practices and other abusive telemarketing practices; and the Children’s Online Privacy Protection Act and regulations.16 C.F.R. Part 312. In addition, on May 12, 2000, the Commission issued a final rule implementing the privacy provisions of the Gramm-Leach-Bliley Act.15 U.S.C. §§6801 et seq. The rule requires a wide range of financial institutions to provide notice to their customers about their privacy policies and practices. E-commerce on the Internet falls within the scope of this statutory mandate. Online Privacy The online collection and use of consumers’ information, including the tracking of individual browsing habits, has raised significant concerns for many consumers. These concerns are not new; surveys have consistently demonstrated consumer unease with data collection practices in the online marketplace. Beginning in 1995, the Federal Trade Commission held a series of public workshops on the issues of privacy and the Internet. In part based upon these workshops, the FTC issued several reports to Congress focusing on a variety of privacy issues, including the collection of personal information from children, self-regulatory efforts and technological developments to enhance consumer privacy, consumer and business education efforts, and the role of government in protecting online privacy. The Commission has sought to understand the online marketplace and its information practices and to assess its cost and beneficial effects. It has also used its law enforcement authority to challenge websites with deceptive privacy policy statements. 1998 Report In its 1998 report, [http://www.ftc.gov/reports/privacy3/index.shtm Privacy Online: A Report to Congress,] based upon its examination of the information practices of over 1400 commercial sites on the World Wide Web, and its assessment of private industry’s efforts to implement self-regulatory programs to protect consumers’ online privacy, the Commission summarized widely-accepted principles regarding the collection, use, and dissemination of personal information. These Fair Information Practice Principles, which predate the Internet, had been recognized and developed by government agencies in the United States, Canada, and Europe since 1973, when the United States Department of Health, Education, and Welfare released its seminal report on privacy protections in the age of data collection, [http://aspe.hhs.gov/datacncl/1973privacy/tocprefacemembers.htm Records, Computers, and the Rights of Citizens.] The Report assessed the information practices of commercial websites and the existing self-regulatory efforts in light of these fair information practice principles and concluded that an effective self-regulatory system had not yet taken hold. The Commission deferred judgment on the need for legislation to protect the online privacy of consumers generally, and instead urged industry to focus on the development of broad-based and effective self-regulatory programs. COPPA In response to the concerns over the privacy of children’s online personal information, and with the encouragement of the FTC, the 105th Congress passed the Children's Online Privacy Protection Act to prohibit unfair and deceptive acts and practices in connection with the collection and use of personally identifiable information from and about children on the Internet. 1999 Report In 1999, the Commission issued a second report to Congress — [http://www.ftc.gov/os/1999/07/privacy99.pdf Self-Regulation and Online Privacy: A Report to Congress.] — that assessed the progress made since its 1998 report, and set an agenda for Commission actions to encourage implementation of online privacy protections. In that Report, a majority of the Commission found notable progress in self-regulatory initiatives, and that online businesses were providing significantly more notice of their information practices. However, it also found that the vast majority of the sites surveyed collected personal information from consumers online, and that the implementation of fair information practices was not widespread. It argued that the growth of the Internet in general, and electronic commerce in particular, mandated against sweeping regulations that might inhibit the growth of both. The Commission also outlined plans for future Commission actions to encourage greater implementation of online privacy protections, including the public workshop on online profiling. One of the main elements of industry self-regulation was FTC enforcement of the privacy policies that companies collecting personal information posted on their websites. 2000 Report In its 2000 Report,Federal Trade Commission, Privacy Online: Fair Information Practices in the Electronic Marketplace: A Report to Congress, at 3 (May 2000). a majority of the Commission concluded that, despite its significant work in developing self-regulatory initiatives, industry efforts alone have been insufficient. Thus, the majority recommended that Congress enact legislation to ensure consumer privacy online. Bush Administration Developments However, the agency changed its position after the election of President George W. Bush and a change in leadership at the Commission. The new FTC Chairman, Timothy Muris, announced that the agency would expand enforcement of existing laws rather than pursuing new legislation.See Remarks of FTC Chairman Timothy J. Muris, The Privacy 2001 Conference (Oct. 4, 2001). Muris indicated that the Commission was “primarily a law enforcement agency” which “best carries out its consumer protection mission” through “aggressive enforcement of the basic laws of consumer protection.” He further indicated that in his opinion, “the particular issue of broad based, Internet only legislation is still premature at this moment.”''See'' Challenges Facing the Federal Trade Commission, Hearing on H.R. 68 Before the Subcomm. on Commerce, Trade, and Consumer Protection of the H. Comm. on Energy and Commerce, 107th Cong. 12 (2001) (statement of Timothy J. Muris, FTC Chairman).http://energycommerce.house.gov/reparchives/107/hearings/11072001Hearing403/print.htm During this period, the Commission also used its Section 5 authority to bring actions against companies that engaged in unfair or deceptive information practices. Most of these early cases involved deceptive statements in companies’ privacy notices about their collection and use of consumers’ data.See, e.g., ''In re'' GeoCities, Inc., 127 F.T.C. 94 (1999) (consent order) (settling charges that website had misrepresented the purposes for which it was collecting personally identifiable information from children and adults); FTC v. Toysmart.com, LLC, No. 00-11341-RGS, 2000 WL 34016434 (D. Mass. July 21, 2000) (consent order) (challenging website’s attempts to sell children’s personal information, despite a promise in its privacy policy that such information would never be disclosed); see also ''In re'' Liberty Fin. Cos., 128 F.T.C. 240 (1999) (consent order) (alleging that site falsely represented that personal information collected from children, including information about family finances, would be maintained anonymously); FTC v. ReverseAuction.com Inc., No. 00-0032 (D.D.C. Jan. 6, 2000) ((consent order)) (settling charges that an online auction site allegedly obtained consumers’ personal identifying information from a competitor site and then sent deceptive, unsolicited email messages to those consumers seeking their business); FTC v. Rennert, No. CV-S-00-0861-JBR (D. Nev. July 6, 2000) ((consent order)) (alleging that defendants misrepresented the security and encryption used to protect consumers’ information and used the information in a manner contrary to their stated purpose). The legal theories in these early enforcement actions highlighted, in particular, the fair information practice principles of notice and choice (the “notice-and-choice approach”). Collectively, the Commission’s policy and enforcement efforts underscored its emphasis on the concepts of transparency and accountability for information practices. Obama Administration Developments In recent years, the FTC has sought to protect consumers’ personal information and ensure that consumers have the confidence to take advantage of the many benefits of the ever-changing marketplace by using two primary models: * the "notice-and-choice model," which encourages companies to develop privacy notices describing their information collection and use practices to consumers, so that consumers can make informed choices, and * the "harm-based model," which focuses on protecting consumers from specific harms — physical security, economic injury, and unwanted intrusions into their daily lives. Each model advances the goal of protecting consumer privacy; at the same time, each has been subject to criticism. Specifically, the notice-and-choice model, as implemented, has led to long, incomprehensible privacy policies that consumers typically do not read, let alone understand. Likewise, the harm-based model has been criticized for failing to recognize a wider range of privacy-related concerns, including reputational harm or the fear of being monitored. In addition, both models have struggled to keep pace with the rapid growth of technologies and business models that enable companies to collect and use consumers’ information in ways that often are invisible to consumers. Meanwhile, industry efforts to address privacy through self-regulation have been too slow, and have failed to provide adequate and meaningful protection. References Category:Government agency Category:Privacy